- Description
- ProjectSend r1605 contains a remote code execution vulnerability that allows attackers to upload malicious files by manipulating file extensions. Attackers can upload shell scripts with disguised extensions through the upload.process.php endpoint to execute arbitrary commands on the server.
- Source
- disclosure@vulncheck.com
- NVD status
- Analyzed
- Products
- projectsend
CVSS 4.0
- Type
- Secondary
- Base score
- 8.7
- Impact score
- -
- Exploitability score
- -
- Vector string
- CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
- Severity
- HIGH
CVSS 3.1
- Type
- Secondary
- Base score
- 9.8
- Impact score
- 5.9
- Exploitability score
- 3.9
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
- Severity
- CRITICAL
- disclosure@vulncheck.com
- CWE-434
- Hype score
- Not currently trending
🚨 ProjectSend r1605 RCE via File Upload (CVE-2023-53980) - CVSS 9.8 File extension manipulation enables shell upload through upload.process.php. Complete server compromise possible.
@j0ltglacier
23 Dec 2025
63 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 ProjectSend r1605 RCE via File Upload (CVE-2023-53980) - CVSS 9.8 Attackers bypass file extension checks to upload malicious scripts. Direct server compromise through upload.process.php endpoint.
@j0ltglacier
23 Dec 2025
32 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2023-53980 ProjectSend r1605 Remote Code Execution via Malicious File Upload Vulnerability https://t.co/Qk8y86NpsY
@VulmonFeeds
23 Dec 2025
89 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
🔴 CVE-2023-53980 - Critical ProjectSend r1605 contains a remote code execution vulnerability that allows attackers to upload malicious files by manipulating file extensions. Attackers can upload shell scripts with d... https://t.co/ZacMT37DME https://t.co/IaUbWMB8lH
@TheHackerWire
22 Dec 2025
52 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
[CVE-2023-53980: CRITICAL] Beware of ProjectSend r1605 security flaw! Attackers can execute commands through disguised file uploads. Ensure your cyber security protocols are up to date.#cve,CVE-2023-53980,#cybersecurity https://t.co/lozW0zpPAu https://t.co/ftXHqbrgap
@CveFindCom
22 Dec 2025
10 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
[
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:projectsend:projectsend:r1605:*:*:*:*:*:*:*",
"matchCriteriaId": "1ECB1397-1B02-4C9C-90B4-8D1D22CC9BB9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
]